Hcl Launch

hcl_launch

Vendor: Hcltechsw • 25 CVEs

CVEs (25)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-59849 1Hcltechsw 2Hcl Devops Deploy Hcl Launch Jan 6, 2026 Dec 17, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Improper management of Content Security Policy in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lower) may allow the execution of malicious code in web pages.
CVE-2025-55254 1Hcltechsw 2Hcl Devops Deploy Hcl Launch Jan 6, 2026 Dec 17, 2025 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Improper management of Path-relative stylesheet import in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lower) may allow to execute malicious code in certain web pages.
CVE-2025-62329 1Hcltechsw 2Hcl Devops Deploy Hcl Launch Jan 7, 2026 Dec 16, 2025 N/A· v4 5.6 MEDIUM· v3 N/A· v2 HCL DevOps Deploy / HCL Launch is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated. This could le...Show more HCL DevOps Deploy / HCL Launch is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated. This could lead to unauthorized access under certain network conditions.Show less
CVE-2025-0272 1Hcltechsw 2Hcl Devops Deploy Hcl Launch Apr 10, 2025 Apr 3, 2025 N/A· v4 7.6 HIGH· v3 N/A· v2 HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.
CVE-2025-0257 1Hcltechsw 2Hcl Devops Deploy Hcl Launch Apr 10, 2025 Apr 2, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 HCL DevOps Deploy / HCL Launch could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service.
CVE-2025-0273 1Hcltechsw 2Hcl Devops Deploy Hcl Launch Apr 11, 2025 Mar 27, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 HCL DevOps Deploy / HCL Launch stores potentially sensitive authentication token information in log files that could be read by a local user.
CVE-2025-0255 1Hcltechsw 2Hcl Devops Deploy Hcl Launch Apr 11, 2025 Mar 24, 2025 N/A· v4 7.2 HIGH· v3 N/A· v2 HCL DevOps Deploy / HCL Launch could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements.
CVE-2025-0256 1Hcltechsw 2Hcl Devops Deploy Hcl Launch Apr 11, 2025 Mar 24, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 HCL DevOps Deploy / HCL Launch could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function.
CVE-2024-42196 1Hcltechsw 1Hcl Launch Apr 14, 2025 Dec 6, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 HCL Launch stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs.
CVE-2024-42195 1Hcltechsw 2Hcl Devops Deploy Hcl Launch Apr 21, 2025 Dec 5, 2024 N/A· v4 6.8 MEDIUM· v3 N/A· v2 HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.
CVE-2024-23561 1Hcltechsw 2Hcl Devops Deploy Hcl Launch Apr 11, 2025 Apr 15, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability due to insufficient obfuscation of sensitive values.
CVE-2024-23558 1Hcltechsw 2Hcl Devops Deploy Hcl Launch Apr 11, 2025 Apr 15, 2024 N/A· v4 6.3 MEDIUM· v3 N/A· v2 HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
CVE-2024-23560 1Hcltechsw 2Hcl Devops Deploy Hcl Launch Apr 11, 2025 Apr 15, 2024 N/A· v4 4.9 MEDIUM· v3 N/A· v2 HCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type.
CVE-2024-23559 1Hcltechsw 2Hcl Devops Deploy Hcl Launch Apr 11, 2025 Apr 15, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 HCL DevOps Deploy / Launch is generating an obsolete HTTP header.
CVE-2024-23550 1Hcltechsw 2Hcl Devops Deploy Hcl Launch Jun 3, 2025 Feb 3, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 HCL DevOps Deploy / HCL Launch (UCD) could disclose sensitive user information when installing the Windows agent.
CVE-2023-45702 1Hcltechsw 1Hcl Launch Nov 21, 2024 Dec 28, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An HCL UrbanCode Deploy Agent installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts..
CVE-2023-45701 1Hcltechsw 1Hcl Launch Nov 21, 2024 Dec 28, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 HCL Launch could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
CVE-2023-45700 1Hcltechsw 1Hcl Launch Nov 21, 2024 Dec 21, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.
CVE-2023-45703 1Hcltechsw 1Hcl Launch Nov 21, 2024 Dec 21, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 HCL Launch may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exhaustion.
CVE-2023-23348 1Hcltechsw 1Hcl Launch Nov 21, 2024 Jul 10, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 HCL Launch could disclose sensitive information if a manual edit of a configuration file has been performed.

12 Next